The Health Sector Cybersecurity Coordination Center (HC3), part of the US Department of Health and Human Services (HHS), is warning healthcare organizations of the threat posed by ongoing Royal ransomware attacks.
“Since its appearance, HC3 is aware of attacks against the Healthcare and Public Healthcare (HPH) sector. Due to the historical nature of ransomware victimizing the healthcare community, Royal should be considered a threat to the HPH sector.” says the report.
Royal ransomware was first observed in September 2022. Once infected, the requested demand for payment has been seen to range anywhere from $250,000 to over $2 million.
Unlike otherransomware operators that performed Ransomware-as-a-Service, Royal appears to be a private group without any affiliates while maintaining financial motivation as their goal.
Once a network has been compromised, they will perform activities commonly seen from other operations, including deploying Cobalt Strike for persistence, harvesting credentials, and moving laterally through a system until they ultimately encrypt the files.
Royal is a newer ransomware, and less is known about the malware and operators than others.
Read more about it here.